Secure remote subscription management

US 9,681,296 B2
Filed: 08/15/2014
Issued: 06/13/2017
Est. Priority Date: 03/05/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for use in wireless communication by a wireless transmit/receive unit (WTRU), the method comprising:

the WTRU establishing a connection to an initial connectivity operator (ICO) using a first keyset and an initial connectivity operator identifier;

the WTRU receiving, from the ICO, a first subscriber identifier associated with a selected home operator;

the WTRU generating, after receiving the first subscriber identifier from the ICO, a second keyset using a keyset generation protocol, wherein the second keyset is different from the first keyset;

the WTRU using the second keyset and the first subscriber identifier to establish a connection to the selected home operator; and

,wherein the ICO is informed that the second keyset has been generated.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

29 Citations

View as Search Results

32 Claims

1. A method for use in wireless communication by a wireless transmit/receive unit (WTRU), the method comprising:
- the WTRU establishing a connection to an initial connectivity operator (ICO) using a first keyset and an initial connectivity operator identifier;
  
  the WTRU receiving, from the ICO, a first subscriber identifier associated with a selected home operator;
  
  the WTRU generating, after receiving the first subscriber identifier from the ICO, a second keyset using a keyset generation protocol, wherein the second keyset is different from the first keyset;
  
  the WTRU using the second keyset and the first subscriber identifier to establish a connection to the selected home operator; and
  
  ,wherein the ICO is informed that the second keyset has been generated.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method recited in claim 1, wherein the keyset generation protocol comprises a Public and Private Key establishment protocol.
  - 3. The method recited in claim 2, wherein the Public and Private Key establishment protocol comprises a Public Key Cryptography Standards (PKCS) protocol.
  - 4. The method recited in claim 2, wherein a public key of the second keyset is sent to the ICO for certification.
  - 5. The method recited in claim 1, wherein the keyset generation protocol comprises a shared symmetric key generation protocol.
  - 6. The method recited in claim 5, wherein the shared symmetric key generation protocol comprises a generic bootstrapping architecture (GBA) protocol.
  - 7. The method recited in claim 5, wherein the shared symmetric key generation protocol comprises a European standard EN726 part 7 protocol.

8. A method for use in wireless communication by a wireless transmit/receive unit (WTRU), the method comprising:
- the WTRU establishing a connection to an initial connectivity operator (ICO) using a first keyset and an initial connectivity operator identifier, the first keyset and the initial connectivity operator identifier being provisioned on the WTRU;
  
  the WTRU receiving a first subscriber identifier from the ICO, the first subscriber identifier being associated with a first selected home operator;
  
  the WTRU generating, after receiving the first subscriber identifier, a second keyset using a keyset generation protocol, wherein the second keyset is different from the first keyset;
  
  the WTRU establishing a connection to the first selected home operator using the second keyset and the first subscriber identifier;
  
  the WTRU thereafter receiving a second subscriber identifier, the second subscriber identifier being associated with a second selected home operator;
  
  the WTRU generating, after receiving the second subscriber identifier, a third keyset different from the second keyset using the keyset generation protocol;
  
  the WTRU establishing a connection to the second selected home operator using the second subscriber identifier and the third keyset; and
  
  ,wherein the ICO is informed that the second keyset and the third keyset have been generated.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The method recited in claim 8, wherein the third keyset is also different from the first keyset associated with the initial connectivity operator.
  - 10. The method recited in claim 8, wherein the keyset generation protocol comprises a Public and Private Key establishment protocol.
  - 11. The method recited in claim 10, wherein the Public and Private Key establishment protocol comprises a Public Key Cryptography Standards (PKCS) protocol.
  - 12. The method recited in claim 10, wherein a public key of the second keyset is sent to the ICO for certification.
  - 13. The method recited in claim 8, wherein the keyset generation protocol comprises a shared symmetric key generation protocol.
  - 14. The method recited in claim 13, wherein the shared symmetric key generation protocol comprises a generic bootstrapping architecture (GBA) protocol.
  - 15. The method recited in claim 13, wherein the shared symmetric key generation protocol comprises a European standard EN726 part 7 protocol.
  - 16. The method recited in claim 8, wherein the first subscriber identifier is received from the initial connectivity operator, and wherein the second subscriber identifier is received from the first selected home operator or the initial connectivity operator.

17. A wireless transmit/receive unit (WTRU) comprising a processor, a memory, and a transceiver, configured to:
- establish a connection to an initial connectivity operator (ICO) using a first keyset and an initial connectivity operator identifier;
  
  receive, from the ICO, a first subscriber identifier associated with a selected home operator;
  
  generate, after receiving the first subscriber identifier from the ICO, a second keyset using a keyset generation protocol, wherein the second keyset is different from the first keyset;
  
  use the second keyset and the first subscriber identifier to establish a connection to the selected home operator; and
  
  ,wherein the ICO is informed that the second keyset has been generated.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The WTRU recited in claim 17, wherein the keyset generation protocol comprises a Public and Private Key establishment protocol.
  - 19. The WTRU recited in claim 18, wherein the Public and Private Key establishment protocol comprises a Public Key Cryptography Standards (PKCS) protocol.
  - 20. The WTRU recited in claim 18, wherein the WTRU is further configured to send a public key of the second keyset to the ICO for certification.
  - 21. The WTRU recited in claim 17, wherein the keyset generation protocol comprises a shared symmetric key generation protocol.
  - 22. The WTRU recited in claim 21, wherein the shared symmetric key generation protocol comprises a generic bootstrapping architecture (GBA) protocol.
  - 23. The WTRU recited in claim 21, wherein the shared symmetric key generation protocol comprises a European standard EN726 part 7 protocol.

24. A wireless transmit/receive unit (WTRU) comprising a processor, a memory, and a transceiver, configured to:
- establish a connection to an initial connectivity operator (ICO) using a first keyset and an initial connectivity operator identifier, the first keyset and the initial connectivity operator identifier being provisioned on the WTRU;
  
  receive a first subscriber identifier from the ICO, the first subscriber identifier being associated with a first selected home operator;
  
  generate, after receiving the first subscriber identifier, a second keyset using a keyset generation protocol, wherein the second keyset is different from the first keyset;
  
  establish a connection to the first selected home operator using the second keyset and the first subscriber identifier;
  
  thereafter receive a second subscriber identifier, the second subscriber identifier being associated with a second selected home operator;
  
  generate, after receiving the second subscriber identifier, a third keyset different from the second keyset using the keyset generation protocol;
  
  establish a connection to the second selected home operator using the second subscriber identifier and the third keyset; and
  
  ,wherein the ICO is informed that the second keyset and the third keyset have been generated.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The WTRU recited in claim 24, wherein the third keyset is also different from the first keyset associated with the initial connectivity operator.
  - 26. The WTRU recited in claim 24, wherein the first subscriber identifier is received from the initial connectivity operator, and wherein the second subscriber identifier is received from the first selected home operator or the initial connectivity operator.
  - 27. The WTRU recited in claim 24, wherein the keyset generation protocol comprises a Public and Private Key establishment protocol.
  - 28. The WTRU recited in claim 27, wherein the Public and Private Key establishment protocol comprises a Public Key Cryptography Standards (PKCS) protocol.
  - 29. The WTRU recited in claim 27, wherein the WTRU is further configured to send a public key of the second keyset to the ICO for certification.
  - 30. The WTRU recited in claim 24, wherein the keyset generation protocol comprises a shared symmetric key generation protocol.
  - 31. The WTRU recited in claim 30, wherein the shared symmetric key generation protocol comprises a generic bootstrapping architecture (GBA) protocol.
  - 32. The WTRU recited in claim 30, wherein the shared symmetric key generation protocol comprises a European standard EN726 part 7 protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Meyerstein, Michael V, Shah, Yogendra C., Cha, Inhyok, Leicher, Andreas, Schmidt, Andreas
Primary Examiner(s)
ZHAO, DON GORDON

Application Number

US14/460,444
Publication Number

US 20140359278A1
Time in Patent Office

1,033 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04W 12/043   using a trusted network nod...

H04W 12/06   Authentication

H04W 4/70   Services for machine-to-mac...

H04W 8/265   for initial activation of n...

H04W 88/18   Service support devices; Ne...

Secure remote subscription management

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Secure remote subscription management

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others